Monday, November 10, 2014

As if You Weren’t Confused Enough….

Nov. 11: An email from the SDT today showed that I needed to adjust items 13 and 14 below, to show that CIP v7 is now officially upon us, not just a theoretical possibility. I've done so.

My two most recent posts, on CIP version 5.7879
and its complicated compliance
schedule, have drawn a lot of interest – although I might call it morbid
fascination, since I think a lot of people just realized that compliance with
CIP versions 5 and 6 is (even) more convoluted than they had thought. But it turns out that I was in fact leaving a
lot of complication out. If you’ve heard
enough about NERC complications for a while, I suggest you not continue with
this post. If you continue anyway, I
wish to point out that I am not responsible for any heart attacks, suicides,
etc. You’ve been warned.

Some of you may have noted my second footnote
in the second post (on the compliance schedule), where I showed people where to
download the v6 standards, but said they should ignore the “-X” standards,
since that just introduces a lot more complication into the discussion. I said this because I wanted readers to
download the standards that are closest to what they will ultimately have to
comply with, not the stalking horses that bear the “-X” suffix.

However, the SDT today sent out a nice email
saying that the v6 standards (or the “CIP Version 5 Revisions”, as the SDT
keeps calling v6, presumably as a way of showing they have a sense of humor)
were all approved in the most recent (the third) ballot, and they would be sent
on to the NERC Board of Trustees for approval.
They listed the standards that had been approved, and of course none of
them had “-X” after them.

This prompted one knowledgeable friend to
email me saying something to the effect of “WTF?” (which I believe stands for Western
Transmission Forum). His point was that
I’d just said in the post that two of the v6 standards, CIP-003-6 and
CIP-010-2, were not going to be submitted to FERC now, since the SDT wanted to
revise them due to the comments they’d received at the last posting. However, here was the SDT saying they were
going to submit all the v6 standards, including those two, to the BoT right
away!

The reason he was confused was quite
understandable, and it has to do with the “-X” standards that I didn’t want to
discuss in the post yesterday. Here is
what led to those standards being developed and posted:

Remove “Identify,
Assess and Correct” from the 17 requirements where it was found;

Provide
protection for “communication networks”, referring specifically to
cabling and things like hubs that connect devices within the ESP, but are
themselves outside of a PSP;

Provide
protection for “Transient Electronic Devices”; and

Provide
more specific requirements for Low impact assets.

For the first two
changes, they specified a deadline, which turned out to be February 3,
2015; FERC didn’t set a deadline for the third and fourth changes.

The SDT developed
the revised standards, and the first draft was balloted in July. The standards with the IAC and
communications networks revisions passed; CIP-010-2 (containing the Transients
requirement) and CIP-003-6 (containing the Lows requirement) did not.

The second drafts
of CIP-010-2 and CIP-003-6 were posted for comment in September, and
balloted in October. However, the
SDT didn’t just post these two standards; it also posted five standards
labeled CIP-003-X, CIP-004-X, CIP-007-X, CIP-010-X, and CIP-011-X. It asked NERC entities to vote on all
seven standards (plus some other documents you can see on the v6
web page).

The reason for
posting these was that the SDT was concerned that CIP-010-2 and CIP-003-6
might not pass on the second ballot.
They would then require revisions and a third ballot; if they passed
that, it would still be followed by the mandatory Final ballot (formerly
called the “Recirculation ballot”), where hopefully all the standards
would pass a final time.

The problem was
that all of this might delay BoT approval until after February, meaning
that NERC would have missed FERC’s deadline for the first two mandates.

So the SDT came up
with the “-X” strategy, in which it would post versions of the standards
that didn’t have any of the language related to the Transient and Low
impact requirements, and ask NERC entities to approve these.[i] That way, if CIP-003-6 and/or CIP-010-2
went down to defeat, NERC would still have a consistent set of v6
standards ready for FERC by the Feb. 3 deadline.[ii]

But it gets more
complicated here (I’m sure you’re glad to hear that). It turns out CIP-003-6 and CIP-010-2 did pass the October ballot; yet
the SDT recently decided they needed to be balloted again anyway (see the
second part of this
post from last week). Why did they
do that? Because they felt that
some of the comments they’d received in the September-October posting were
worth considering for changes to CIP-003-6 and CIP-010-2; therefore, they
thought it was worthwhile to take the time (and another ballot) required
to improve them. They are currently
working on just that.

This is why the CIP-003,
-004, -007, -010 and -011 standards posted for the “Final” ballot (Oct. 28
– Nov. 6) included the “-X” versions, not the v6 versions; there wouldn’t
have been a consistent set of standards any other way. These standards will be approved by the
BoT this month and packaged up with a bow, awaiting the decision to send
them to FERC.

However, the BoT
will not send them to FERC right
away. This isn’t because NERC
worries they’ll get lost in the Christmas snail mail rush. Rather, NERC and the SDT are hoping that
the revised CIP-003 and CIP-010 will easily pass the next ballot.
At that point, the “-X” standards will be tossed in the trash
(recycled, I hope) and these two standards will be reunited with their
siblings that passed the first ballot, namely CIP-004-6, CIP-006-6, CIP-007-6,
CIP-009-6, and CIP-011-2. The whole
family will then be balloted for another “Final” ballot[iii],
quickly approved by the BoT, and sent over to FERC by a courier jumping on
the next Metro train in DC (OK, maybe he’ll take a cab; they’re pretty
cheap in DC). And this should all
happen pretty easily by Feb. 3.

However, let’s
consider: What if the NERC ballot body decides they don’t like the new
CIP-003-6 and CIP-010-2, and rejects them on the next ballot? Then the SDT needs to consider the new
comments, convene a few meetings, and come up with new versions for the
fourth regular ballot. And if that doesn’t
work, they’ll keep repeating the process until it does work.

However, this will
likely occur too late for NERC still to make the Feb. 3 filing
deadline. This means the BoT will
have to go back to the set of standards they will approve this month (i.e.
the ones including the “-X” versions) and send those over to FERC as CIP
v6.

Of course, it’s still certain that the revised CIP-003 and CIP-010 will
finally be passed by the NERC ballot body, approved by the BoT, and sent to
FERC. Now, here’s the punch line
(and the extra credit quiz): What version will these two standards be
called?

If you answered “CIP
version 7”, you get a gold star to stick on your forehead and show Mommy
(she’ll be very proud). An email to the SDT Plus List on Nov. 11 confirmed that these two standards will be balloted as CIP-003-7 and CIP-010-3. These will of course replace CIP-003-6
and CIP-010-2 in the set of CIP standards that need to be complied
with. And this, boys and girls,
means entities will have to comply simultaneously with three different CIP versions! Now, doesn’t that sound like fun?

And what does this
mean the next version of CIP will be?
Oh, you’re so smart…It will be v8! Hopefully we'll get a few years before we have to worry about that.

There must be an easier way to make a living
than writing about NERC…Oh wait, this isn’t
how I make my living!

The views and opinions expressed here are my
own and don’t necessarily represent the views or opinions of Honeywell.

[i]
It should be clear why CIP-003-X and CIP-010-X were posted, since those are the
two standards where the Transient and Low impact requirements reside. But the SDT also posted CIP-004-X, CIP-007-X
and CIP-011-X. It seems all three of
these standards (which had already passed on the first ballot in their “-6”
versions) contained small pieces of language related to the new Transient
requirement; so they also needed to be “cleansed” of their Transient language,
in case CIP-010-2 didn’t pass. These
three standards were in version 6 in the first place because they contained “Identify,
Assess and Correct” language that was taken out to meet FERC’s first mandate.

[ii]
Remember that the Transient and Low mandates didn’t have a deadline, but the
other two mandates did.

[iii]
Although I’m not sure how you can have two Final ballots for one version of the
standards. This is clearly beyond my pay
grade.